If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

SSL for PE

Hey guys, may I suggest that you use https for the PE site? You can get a free certificate from Let's Encrypt (which is backed by just about every major web org), that's very easy to install and setup. I can help if you need it.

Got forced to change my password by vBulletin this morning. I had been waiting to "upgrade" to a stronger password once I knew for certain PE was secure.

How are things looking on that front?

I suspect crickets chirping

"It is the mark of an educated mind to be able to entertain a thought without accepting it."
-- Aristotle
Nostalgia, you know, ain't what it used to be. Furthermore, they tells me, it never was.
"The future will be better tomorrow." Dan Quayle

The problem here is not all the elements are secure and the non-secure elements are being dropped by the browser.

I recently converted progforums.com to SSL and used PHP code in the forum header to re-write the address bar to the https version of any page. This can also be achieved in the .htaccess file on Apache systems.

One problem is, if one of your users links, for example, an image on a remote site that is not secure, the browser will report that the page security is broken and the image won't appear (or in IE, it'll ask you if you want to display the non-secure items). I was able to use the forum's censoring rules to convert some known addresses to https - for example I have a rule that converts http://www.progforums.com to https://www.progforums.com. This saved me having to find them all and correct them manually!

Of course, you can't simply convert all http:// to https:// because you can't guarantee any particular remote site is secure.

Well with forum software, its usually a case of changing a base URL somewhere in the database, but then you need to make sure anyone hitting the site from the old URL gets redirected to the secure version. This also helps search engines find your site and stops them thinking your site is duplicated.

As I said, I did this in the php file that generates the header of each page and I assume a similar thing could be done to a vBulletin site.